Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli uses EV
SSL certs and whether it is vulnerable.



On Wed, Jul 22, 2009 at 10:09 PM, Francois PIETTE <francois.pie...@skynet.be
> wrote:

>> http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218501653&cid=nl_tw_security
> What I understand from the article is that it is not SSL which is cracked,
> but a design flaw in webbroser which is exploited.
> Quote:
>   Mike Zusman, principal consultant at Intrepidus Group, and Alex Sotirov,
> an independent
>  security researcher, have identified a Web browser design flaw that allows
> an attacker to
>  conduct a "Man-in-the-Middle" attack against Web sites with Extended
> Validation (EV)
>  Secure Sockets Layer (SSL) certificates.
> This is very different than cracking SSL !
> Probably webbrowser editors will soon fix their implementation.
> --
> francois.pie...@overbyte.be
> The author of the freeware multi-tier middleware MidWare
> The author of the freeware Internet Component Suite (ICS)
> http://www.overbyte.be
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to